CVE-2014-5332 (linux_kernel)

National Cyber Awareness System Vulnerability Summary for CVE-2014-5332 Original release date: 02/06/2015 Last revised: 02/06/2015 Source: US-CERT/NIST Overview Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local users to gain privileges via a crafted NVMAP_IOC_CREATE IOCTL call, which triggers a use-after-free error, as demonstrated by using a […]

CVE-2014-9562 (optimalsite)

National Cyber Awareness System Vulnerability Summary for CVE-2014-9562 Original release date: 02/04/2015 Last revised: 02/05/2015 Source: US-CERT/NIST Overview Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter. Impact CVSS Severity (version 2.0): Impact […]

CVE-2014-9043 (owncloud)

The user_ldap (aka LDAP user and group backend) application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote attackers to bypass authentication via a null byte in the password and a valid user name, which triggers an unauthenticated bind. Impact CVSS Severity (version 2.0): Impact Subscore: […]

CVE-2015-1476 (ecommercemajor)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1476 Original release date: 02/04/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php. Impact […]

CVE-2015-1475 (mylittleforum)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1475 Original release date: 02/04/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to […]

CVE-2015-1381 (debian_linux, privoxy)

National Cyber Awareness System Vulnerability Summary for CVE-2015-1381 Original release date: 02/03/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. Impact CVSS Severity (version 2.0): Impact […]

CVE-2014-9574 (fluxbb)

National Cyber Awareness System Vulnerability Summary for CVE-2014-9574 Original release date: 02/03/2015 Last revised: 02/03/2015 Source: US-CERT/NIST Overview Directory traversal vulnerability in install.php in FluxBB before 1.5.8 allows remote attackers to include and execute arbitrary local install.php files via a .. (dot dot) in the install_lang parameter. Impact CVSS Severity […]

CVE-2014-9328 (clamav, fedora)

National Cyber Awareness System Vulnerability Summary for CVE-2014-9328 Original release date: 02/03/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a “heap out of bounds condition.” Impact CVSS Severity (version 2.0): Impact Subscore: 6.4 […]

CVE-2015-0313 (flash_player)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0313 Original release date: 02/02/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Unspecified vulnerability in Adobe Flash Player through 13.0.0.264 and 14.x, 15.x, and 16.x through 16.0.0.296 on Windows and OS X and through 11.2.202.440 on Linux allows remote attackers to execute arbitrary code […]

CVE-2015-0223 (qpid)

National Cyber Awareness System Vulnerability Summary for CVE-2015-0223 Original release date: 02/02/2015 Last revised: 02/04/2015 Source: US-CERT/NIST Overview Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. Impact CVSS Severity (version 2.0): Impact Subscore: […]